HTC mandated to fix security flaws in US settlement

PATCH UP:：The Taiwanese smartphone maker’s US unit must also establish a security program and undergo biannual reviews for the next two decades

Bloomberg

Sun, Feb 24, 2013 - Page 13

HTC America Holding Inc, a unit of Taiwanese smartphone vendor HTC Corp (宏達電), must develop and release software patches to fix vulnerabilities found in millions of smartphones and tablet computers under a settlement announced yesterday with the US Federal Trade Commission.

The vulnerabilities placed sensitive information about millions of consumers at risk and potentially permitted malicious applications to send text messages, record audio and install additional malware without a user’s knowledge or consent, the commission said in a news release.

Malware placed on devices could be used to record and transmit information entered into devices, including financial account data and calendar entries, or get access to a user’s location, the commission said.

“We have addressed the identified security vulnerabilities on the majority of devices in the US,” HTC America said in an e- mailed statement. “We’re working to roll out the remaining software updates now and recommend customers download them once available.”

HTC Corp was the top maker of smartphones in the US in the third quarter of 2011 before it lost market share to Apple Inc and Samsung Electronics Co. It dropped off the list of the world’s five biggest smartphone vendors in the three months ended on December last year.

The settlement requires HTC America to establish a comprehensive security program and undergo independent security assessments every other year for the next 20 years. HTC America and its partners are in the process of deploying the security patches required by the settlement, the commission said.

It also prohibits the company from making false or misleading statements about consumer data security and privacy on HTC devices, the commission said in its release.